'A classic honeypot': Movie fans catching up on Best Picture nominees targeted by dangerous malware ahead of of Oscars 2026

News
By published

Malware found targeting movie fans ahead of Oscars 2026

Sinners for the 2026 Critics' Choice Awards
(Image credit: Critics' Choice Awards)
  • Film fans targeted by Efimer malware ahead of Oscars 2026
  • Malware hosted on fake sites for Best Picture nominees
  • Efimer can steal crypto, passwords and more

Film fans looking to catch up on all the year's top films ahead of the Oscars 2026 have been warned to be on their guard against new cyber threats.

Experts at CyberNews have revealed a malware campaign dubbed Efimer, which targets people searching online for illegal downloads of this year’s Best Picture nominees.

Anyone looking for their fix of Marty Supreme, Sinners or Bugonia is actually putting themselves at risk of having their information and online accounts hacked, the experts warn.

Article continues below

Efimer on the hunt

In their write-up of the campaign, CyberNews noted how Efimer is "a classic honeypot" targeting those who want to make sure they haven't missed the year's biggest films.

"Instead of a high-definition rip, they are downloading a script that will attempt emptying their digital wallets," the experts say.

Unusually, the danger of Efimer comes not from torrent sites, but from Google search, where unsuspecting film fans might find themselves clicking on a link to a malicious site pretending to host top movies.

In reality, hackers have weaponized SEO by hijacking vulnerable WordPress sites to spread malware, as legitimate business sites have been compromised through brute-force attacks to host fake torrent landing pages.

In total, 12.11% of Google results were found to be malicious, as the researchers say Efimer has used every single Best Picture 2026 nominee to widen its net - Marty Supreme was the most popular lure with 16 malicious links, followed by Bugonia with 15 and Sinners with 12.

Once on the malicious site, victims are told they need to install a “special player” to view the movie, but this is actually the Efimer malware in disguise. Once installed, Efimer monitors the user's clipboard, and when it detects the victim is about to send a crypto transaction, it silently replaces the recipient’s address with the attacker’s.

The campaign only targets Windows users, who are told to be suspicious when clicking on unusual links, and ensure they have robust and reliable antivirus and firewall software installed and updated to the latest version.

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

TOPICS
Mike Moore
Mike Moore
Deputy Editor, TechRadar Pro

Mike Moore is Deputy Editor at TechRadar Pro. He has worked as a B2B and B2C tech journalist for nearly a decade, including at one of the UK's leading national newspapers and fellow Future title ITProPortal, and when he's not keeping track of all the latest enterprise and workplace trends, can most likely be found watching, following or taking part in some kind of sport.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.